RE: PATCH DELAY? Buffer Overflow in UPnP Service On Microsoft Windows

[InfoSec News <isn () c4i org>]

Forwarded from: security curmudgeon <jericho () attrition org>
cc: mcdonald_patrick () bah com

> Forwarded from: McDonald Patrick <mcdonald_patrick () bah com>
>
> I don't have an issue with how long Microsoft took to issue.  I
> have issue with Microsoft not notifying their customers.  How many
> people could have been exploited and never known?  Microsoft could
> have taken their sweet time as long they advise the consumer on
> how to protect themselves until the patch was loaded.

.. and something I have harped on before. What is the point of
providing an email address during product registration if they don't
use it? This is one time where e-mail would probably be welcomed by
anyone using their products, yet Microsoft still opts not to inform
their customer base.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.